Navigate

Check: GEN004820

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN004820 (in versions v1 r14 through v1 r10)

Title

Anonymous FTP must not be active on the system unless authorized. (Cat II impact)

Discussion

Due to the numerous vulnerabilities inherent in anonymous FTP, it is recommended that it not be used. If anonymous FTP must be used on a system, the requirement must be authorized and approved in the system accreditation package.

Check Content

Attempt to log into this host with a user name of anonymous and a password of guest (also try the password of guest@mail.com). If the logon is successful, this is a finding. Procedure: # ftp localhost Name: anonymous 530 Guest login not allowed on this machine.

Fix Text

Remove user "anonymous" from /etc/passwd.

Additional Identifiers

Rule ID: SV-40086r1_rule

Vulnerability ID: V-846

Group Title: GEN004820

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001475	The organization reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-22	Publicly Accessible Content